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DETAILED ACTION 

1 . This action is responding to application papers filed on 3-13-2007. 

2. Claims 22 - 37 are pending. Claims 1 - 21 have been canceled. Claims 22 - 37 
are new. Claims 22, 31 are independent. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351(a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international 
application designated the United States and was published under Article 21 (2) of such treaty in the 
English language. 

4. Claim 22 - 27, 29 - 36 are rejected under 35 U.S.C. 102(e) as being anticipated - 



by Ellison et al. (US Patent No. 7,082,615). 



Regarding Claim 22, Ellison discloses a secure processing system, comprising: 

a) a main processor unit (MPU) coupled to a processor bus; (see Ellison Figure 1C: 
host (processor) bus; col. 4, lines 40-45: interface between processors and 
memory, I/O controller) 

b) an attached processor complex (APC) coupled to the processor bus and 
comprising: a local store configured to store computer instructions and data; (see 



Application/Control Number: 1 0/601 ,374 Page 3 

Art Unit: 2136 

Ellison col. 4, lines 63-65; col. 3, lines 45-47: load code and data (software), local 
store) 

c) an attached processor unit (APU) coupled to the local store; wherein the APC is 
configured to receive commands from the MPU via the processor bus, to store a 
cryptographic master key (see Ellison col. 4, lines 63-65: APU coupled to host 
(processor) bus; col. 6, lines 38-42: cryptographic key storage), and to operate in 
a non-isolated state and an isolated state; (see Ellison col. 4, lines 16-22: 
partitioned memory, isolated and non-isolated) and 

d) wherein in response to a LOAD command received from the MPU (see Ellison 
col. 3, lines 43-45: load command initiated by processor), the APC is configured 
to transition from the non-isolated state to the isolated state (see Ellison col. 4, 
lines 16-22: partitioned memory, isolated and non-isolated), to partition the local 
store into a general access section accessible by the MPU and an isolated 
section accessible only by the APU, to transfer a set of computer instructions or 
data into the isolated section of the local store (see Ellison col. 3, lines 21-25; col. 
3, lines 45-47: load code and data to isolated region), and to use the master key 
to extract and decrypt a portion of the computer instructions or data stored in the 
isolated section of the local store, thereby producing another cryptographic key. 
(see Ellison col. 10, lines 6-8; col. 9, lines 64-65; col. 10, lines 16-19: decryption 
(i.e. key) utilized loading image) 
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Regarding Claim 23, Ellison discloses the secure processing system as recited in 
claim 22, wherein secure processing is performed within the isolated section of the local 
store of the APC. (see Ellison col. 4, line 63 - col. 5, line 5: secure processing within 
isolated section, non-secure processing outside) 

Regarding Claim 24, Ellison discloses the secure processing system as recited in 
claim 22, wherein the cryptographic master key stored in the APC is not accessible by 
the MPU. (see Ellison col. 6, lines 13-18: access restricted to isolated region) 

Regarding Claim 25, Ellison discloses the secure processing system as recited in 
claim 22, wherein the cryptographic master key stored in the APC is unique to the 
secure processing system, (see Ellison col. 6, lines 64-66: unique cryptographic key (for 
platform) stored) 

Regarding Claim 26, Ellison discloses the secure processing system as recited in 
claim 22, wherein when the APC is operating in the non-isolated state, the general 
access section occupies the entire local store, (see Ellison col. 6, lines 13-15: isolated 
addressing section only setup and defined when in isolated state) 

Regarding Claim 27, Ellison discloses the secure processing system as recited in 
claim 22, wherein when the APC is operating in the isolated state, the APC is 
configured to respond to an EXIT command received from the MPU by clearing the 
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isolated section of the local store and eliminating the isolated section of the local store, 
thereby causing the general access section to occupy the entire local store, (see Ellison 
col. 5, lines 5-10; col. 3, lines 43-45: configuration commands, initialize or reset isolated 
region) 

Regarding Claim 29, Ellison discloses the secure processing system as recited in 
claim 22, wherein the APC further comprises a bus interface unit (BIU) coupled to the 
processor bus, and wherein local store and the APU are coupled to the BIU. (see 
Ellison col. 4, lines 40-45: MCH (bus interface unit) coupled to host (processor) bus) 

Regarding Claim 30, Ellison discloses the secure processing system as recited in 
claim 29, wherein the BIU comprises a load/exit state machine (LSEM) configured to 
store the cryptographic master key. (see Ellison col. 3, lines 21-25; col. 3, lines 45-47: 
load code and data to isolated region, state machine; col. 6, lines 38-42: store 
cryptographic key) 

Regarding Claim 31, Ellison discloses a method for carrying out secure processing, 
comprising: 

a) providing a main processor unit (MPU), a processor bus, (see Ellison Figure 1C: 
host (processor) bus; col. 4, lines 40-45: interface between processors and 
memory, I/O controller) and 
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b) an attached processor complex (APC), wherein the APC comprises a local store 
configured to store computer instructions and data and an attached processor 
unit (APU) coupled to the local store; (see Ellison col. 4, lines 63-65: attached 
processor (APU), isolated execution) 

d) configuring the MPU to drive a LOAD command on the processor bus in the 
event secure processing is required; (see Ellison col. 5, lines 5-10; col. 3, lines 
43-45: partitioning isolated region, initiation or configuration command) 

e) coupling the MPU to the processor bus; (see Ellison Figure 1C: host (processor) 
bus; col. 4, lines 40-45: interface between processors and memory, I/O 
controller) 

f) configuring the APC to receive the LOAD command via the processor bus, to 
store a cryptographic master key, and to operate in a non-isolated state and an 
isolated state; (see Ellison col. 5, lines 5-10; col. 4, lines 16-22: setup isolated 
and non-isolated states; col. 6, lines 38-42: store cryptographic key) 

g) configuring the APC to respond to a received LOAD command by: transitioning 
from the non-isolated state to the isolated state; (see Ellison col. 5, lines 5-10: 
configure and setup (APU, LOAD command) isolated state) 

h) partitioning the local store into a general access section accessible by the MPU 
and an isolated section accessible .only by the APU; (see Ellison col. 4, lines 16- 
22: partition into isolated and non-isolated sections) 
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i) transferring a set of computer instructions or data into the isolated section of the 
local store; (see Ellison col. 7, lines 41-43: software to implement; col. 3, lines 
21-25; col. 3, lines 45-47: load code or data into isolated region) 

j) using the master key to extract and decrypt a portion of the computer instructions 
or data stored in the isolated section of the local store, thereby producing another 
cryptographic key; (see Ellison col. 10, lines 6-8; col. 9, lines 64-65; col. 10, lines 
16-19: decryption (i.e. key) utilized loading image) and 

k) coupling the APC to the processor bus. (see Ellison col. 5, lines 43-46: 
processor (APC) coupled to memory) 

Regarding Claim 32, Ellison discloses the method as recited in claim 31, wherein the 
secure processing is carried out within the isolated section of the local store of the APC. 
(see Ellison col. 4, line 63 - col. 5, line 5: secure processing within isolated section) 

Regarding Claim 33, Ellison discloses the method as recited in claim 31, wherein the 
cryptographic master key stored in the APC is not accessible by the MPU. (see Ellison 
col. 6, lines 1 3-1 8: access restricted to isolated region) 

Regarding Claim 34, Ellison discloses the method as recited in claim 31 , wherein the 
coupling of the MPU and the APC to the processor bus forms a processing system, and 
wherein cryptographic master key stored in the APC is unique to the processing system, 
(see Ellison col. 6, lines 64-66: unique cryptograph key (for platform) stored) 
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Regarding Claim 35, Ellison discloses the method as recited in claim 31 , wherein when 
the APC is operating in the non-isolated state, the general access section occupies the 
entire local store, (see Ellison col. 6, lines 13-15: isolated section only exists when setup 
and executing) 

Regarding Claim 36, Ellison discloses the method as recited in claim 31 , further 
comprising: configuring the APC to respond to a received EXIT command when 
operating in the isolated state by: clearing the isolated section of the local store; and 
eliminating the isolated section of the local store, thereby causing the general access 
section to occupy the entire local store, (see Ellison col. 3, lines 43-45; col. 5, lines 5-10: 
command (i.e. instruction) processing, initiate/exit isolated mode; col. 6, lines 13-15: 
isolated section only exists when setup and executing) 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

6. Claim 28, 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ellison et al. (US Patent No. 7,082,615) in view of Worley, JR et al. (US PGPUB No. 
20020194389). 
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Regarding Claim 28, Ellison discloses the secure processing system as recited in 
claim 22, wherein the APC is configured to use the other cryptographic key to decrypt 
another set of computer instructions or data, (see Ellison col. 10, lines 6-8; col. 9, lines 
64-65; col. 10, lines 16-19: decryption (i.e. key) utilized loading image) Ellison does 
not specifically disclose whereby to authenticate another set of computer instructions or 
data. However, Worley discloses wherein configured to authenticate another set of 
computer instructions or data, (see Worley paragraph [0049], lines 1-7; paragraph 
[0129], lines 9-15; paragraph [0139], lines 27-33: authentication code (instructions or 
data)) 

It would have been obvious to one of ordinary skill in the art to modify Ellison as 
taught by Worley to enable the capability to authenticate another set of computer 
instructions or data. One of ordinary skill in the art would have been motivated to 
employ the teachings of Worley in order to enable operational control of secure 
resources without exposing privilege instructions and registers, (see Worley paragraph 
[0020], lines 16-21: " ...provide a set of secure-platform management services for 
operational control of hardware resources that neither expose privileged instructions 

* 

and privileged registers of the hardware nor simulate privileged instructions and 
privileged registers. ... ") 
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Regarding Claim 37, Ellison discloses the method as recited in claim 31 , wherein the 
configuring the APC to respond to a received LOAD command comprises: configuring 
the APC to respond to a received LOAD command by: 

a) transitioning from the non-isolated state to the isolated state; (see Ellison col. 5, 
lines 5-10; col. 3, lines 43-45: command processing, isolated region) 

b) partitioning the local store into a general access section accessible by the MPU 
and an isolated section accessible only by the APU; (see Ellison col. 4, lines 16- 
22: partitioning memory, isolated and non-isolated regions) 

c) transferring a set of computer instructions or data into the isolated section of the 
local store; (see Ellison col. 3, lines 21-25; col. 3, lines 45-47: load code or data 
into isolated region) 

d) using the master key to extract and decrypt a portion of the computer instructions 
or data stored in the isolated section of the local store, thereby producing another 
cryptographic; (see Ellison col. 10, lines 6-8; col. 9, lines 64-65; col. 10, lines 16- 
19: decryption (i.e. key) utilized loading image) and 

Ellison discloses wherein using the other cryptographic key to authenticate or 
decrypt another set of computer instructions or data, (see Ellison col. 1 0, lines 6-8; 
col. 9, lines 64-65; col. 10, lines 16-19: decryption (i.e. key) utilized loading image) 
Ellison does not specifically disclose whereby to authenticate another set of 
computer instructions or data. 
However, Worley discloses: 
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e) to authenticate another set of computer instructions or data, (see Worley 

paragraph [0049], lines 1-7; paragraph [0129], lines 9-15; paragraph [0139], lines 
27-33: authentication code (instructions or data)) 
It would have been obvious to one of ordinary skill in the art to modify Ellison as 
taught by Worley to enable the capability to authenticate another set of computer 
instructions or data. One of ordinary skill in the art would have been motivated to 
employ the teachings of Worley in order to enable operational control of secure 
resources without exposing privilege instructions and registers, (see Worley 
paragraph [0020], lines 16-21) 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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